--- webserver_auth.module.orig  2009-11-04 10:11:23.000000000 -0800
+++ webserver_auth.module       2009-11-04 11:06:59.000000000 -0800
@@ -31,6 +31,11 @@
   elseif (isset($_SERVER['REMOTE_USER'])) {
     $authname = $_SERVER['REMOTE_USER'];
   }
+  // If we are using SSL with client verification, this is handy.
+  elseif (variable_get('webserver_auth_ssl', FALSE) &&
+          isset($_SERVER['SSL_CLIENT_S_DN_CN'])) {
+    $authname = $_SERVER['SSL_CLIENT_S_DN_CN'];
+  }

   // Perform some cleanup so plaintext passwords aren't available under
   // mod_auth_kerb.
@@ -76,7 +81,12 @@
     }
     db_query("UPDATE {users} SET name = '%s' WHERE uid = %d", $account->name, $account->uid);
     // Generate an e-mail address automagically
-    if ($domain = variable_get('webserver_auth_email_domain', '')) {
+    // If we use SSL, grab the email from the cert.
+    if (variable_get('webserver_auth_ssl_email', FALSE) &&
+        isset($_SERVER['SSL_CLIENT_S_DN_Email'])) {
+        db_query("UPDATE {users} SET mail = '%s' WHERE uid = %d",$_SERVER['SSL_CLIENT_S_DN_Email'] , $account->uid);
+    }
+    elseif ($domain = variable_get('webserver_auth_email_domain', '')) {
       if ($account->name) {
         db_query("UPDATE {users} SET mail = '%s@%s' WHERE uid = %d", $account->name, $domain, $account->uid);
       }
@@ -122,6 +132,18 @@
       '#default_value' => variable_get('webserver_auth_strip_domain', TRUE),
       '#description' => t("Strip a domain name (e.g. '@EXAMPLE.COM') from the login name ('newuser@EXAMPLE.COM') to generate the \
username ('newuser')."),
     ),
+    'webserver_auth_ssl' => array(
+      '#type' => 'checkbox',
+      '#title' => t('Use Apache SSL authentication'),
+      '#default_value' => variable_get('webserver_auth_ssl', FALSE),
+      '#description' => t("Warning: Advanced users only.  Use SSL_CLIENT_S_DN_CN as username when generating new users."),
+    ),
+    'webserver_auth_ssl_email' => array(
+      '#type' => 'checkbox',
+      '#title' => t('Use Apache SSL Client Email'),
+      '#default_value' => variable_get('webserver_auth_ssl_email', FALSE),
+      '#description' => t("Warning: Advanced users only.  Use SSL_CLIENT_S_DN_Email as email when generating new users."),
+    ),
     'webserver_auth_insert' => array(
       '#type' => 'textarea',
       '#title' => 'User account modification',